# Conflicts:

# NOTICE # pom.xml # provider/partition-azure/pom.xml

# Conflicts:
# NOTICE # pom.xml # provider/partition-azure/pom.xml
7a9ab23d · Mingyang Zhu · 5753dcfe · 7a9ab23d · 7a9ab23d · 7a9ab23d
Commit 7a9ab23d authored May 17, 2021 by Mingyang Zhu
--- a/NOTICE
+++ b/NOTICE
--- a/devops/azure/chart/templates/deployment.yaml
+++ b/devops/azure/chart/templates/deployment.yaml
@@ -63,6 +63,8 @@ spec:
          value: "80"
        - name: ACCEPT_HTTP  # TEMPORARY UNTIL HTTPS
          value: "true"
+        - name: partition_spring_logging_level
+          value: INFO
        - name: KEYVAULT_URI
          valueFrom:
            configMapKeyRef:

--- a/partition-core/pom.xml
+++ b/partition-core/pom.xml
@@ -16,9 +16,7 @@
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
-	<groupId>org.opengroup.osdu</groupId>
 	<artifactId>partition-core</artifactId>
-	<version>0.9.0-SNAPSHOT</version>
 	<description>Core project for the partition service</description>
 	<packaging>jar</packaging>

@@ -42,9 +40,6 @@
 		<cobertura_maven_plugin_version>2.7</cobertura_maven_plugin_version>
 		<maven_surefire_plugin_version>3.0.0-M4</maven_surefire_plugin_version>
 		<maven_failsafe_plugin_version>3.0.0-M4</maven_failsafe_plugin_version>
-		<!--
-		<springfox-version>2.9.2</springfox-version>
-		-->
 	</properties>

 	<dependencies>
@@ -56,27 +51,10 @@
 		<dependency>
 			<groupId>org.opengroup.osdu</groupId>
 			<artifactId>os-core-common</artifactId>
-			<version>${os-core-common.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>org.elasticsearch.client</groupId>
-					<artifactId>elasticsearch-rest-client</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.tomcat.embed</groupId>
-			<artifactId>tomcat-embed-core</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
-			<exclusions>
-				<exclusion>
-					<groupId>org.springframework.boot</groupId>
-					<artifactId>spring-boot-starter-tomcat</artifactId>
-				</exclusion>
-			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -93,12 +71,6 @@
 			</exclusions>
 		</dependency>

-		<dependency>
-			<groupId>com.auth0</groupId>
-			<artifactId>jwks-rsa</artifactId>
-			<version>0.12.0</version>
-		</dependency>
-
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-validation</artifactId>
@@ -158,6 +130,15 @@
 			<groupId>io.springfox</groupId>
 			<artifactId>springfox-swagger2</artifactId>
 			<version>${springfox-version}</version>
+			<exclusions>
+				<exclusion>
+					<!--
+					Excluding com.google.guava:guava:jar:18.0, because it has security vulnerability
+					-->
+					<groupId>com.google.guava</groupId>
+					<artifactId>guava</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
 		<dependency>
 			<groupId>io.springfox</groupId>

--- a/pom.xml
+++ b/pom.xml
@@ -26,8 +26,8 @@
    <maven.compiler.target>1.8</maven.compiler.target>
    <maven.compiler.source>1.8</maven.compiler.source>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <os-core-common.version>0.9.0-rc6</os-core-common.version>
-    <tomcat_embed_core_version>9.0.37</tomcat_embed_core_version>
+    <os-core-common.version>0.9.0-rc7</os-core-common.version>
+    <org.springframework.boot.version>2.4.5</org.springframework.boot.version>
  </properties>

  <packaging>pom</packaging>
@@ -35,18 +35,13 @@
  <dependencyManagement>
    <dependencies>
      <dependency>
-        <groupId>org.springframework.boot</groupId>
-        <artifactId>spring-boot-dependencies</artifactId>
-        <version>2.3.5.RELEASE</version>
+        <groupId>org.opengroup.osdu</groupId>
+        <artifactId>os-core-common</artifactId>
+        <version>${os-core-common.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>

-      <dependency>
-        <groupId>org.apache.tomcat.embed</groupId>
-        <artifactId>tomcat-embed-core</artifactId>
-        <version>${tomcat_embed_core_version}</version>
-      </dependency>
      <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
@@ -62,6 +57,14 @@
            <groupId>org.elasticsearch.client</groupId>
            <artifactId>elasticsearch-rest-client</artifactId>
          </exclusion>
+          <exclusion>
+            <groupId>org.elasticsearch</groupId>
+            <artifactId>elasticsearch</artifactId>
+          </exclusion>
+          <exclusion>
+            <groupId>org.elasticsearch.client</groupId>
+            <artifactId>elasticsearch-rest-high-level-client</artifactId>
+          </exclusion>
        </exclusions>
      </dependency>
    </dependencies>
@@ -82,7 +85,7 @@
        <plugin>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-maven-plugin</artifactId>
-          <version>2.3.1.RELEASE</version>
+          <version>${org.springframework.boot.version}</version>
        </plugin>
      </plugins>
    </pluginManagement>

--- a/provider/partition-aws/pom.xml
+++ b/provider/partition-aws/pom.xml
@@ -27,7 +27,6 @@

    <modelVersion>4.0.0</modelVersion>
    <artifactId>partition-aws</artifactId>
-    <version>0.9.0-SNAPSHOT</version>
    <description>Partition service on AWS</description>
    <packaging>jar</packaging>

@@ -63,7 +62,7 @@
        <dependency>
            <groupId>org.opengroup.osdu</groupId>
            <artifactId>partition-core</artifactId>
-            <version>0.9.0-SNAPSHOT</version>
+            <version>${project.version}</version>
        </dependency>

        <!-- AWS managed packages -->

--- a/provider/partition-azure/pom.xml
+++ b/provider/partition-azure/pom.xml
@@ -10,20 +10,15 @@

  <modelVersion>4.0.0</modelVersion>
  <artifactId>partition-azure</artifactId>
-  <version>0.9.0-SNAPSHOT</version>
  <description>Partition service on Azure</description>
  <packaging>jar</packaging>

  <properties>
-    <osdu.partition-core.version>0.9.0-SNAPSHOT</osdu.partition-core.version>
-    <osdu.corelibazure.version>0.9.0-rc2</osdu.corelibazure.version>
-    <osdu.oscorecommon.version>0.9.0-rc6</osdu.oscorecommon.version>
-    <azure.version>2.3.5</azure.version>
+    <osdu.corelibazure.version>0.9.0-rc3</osdu.corelibazure.version>
    <junit.version>4.12</junit.version>
    <mockito.version>2.25.0</mockito.version>
    <powermock.version>2.0.2</powermock.version>
-    <nimbus-jose-jwt>7.9</nimbus-jose-jwt>
-    <jwks-rsa>0.12.0</jwks-rsa>
+    <json-smart.version>2.4.6</json-smart.version>
  </properties>

  <dependencyManagement>
@@ -44,7 +39,7 @@
    <dependency>
      <groupId>org.opengroup.osdu</groupId>
      <artifactId>partition-core</artifactId>
-      <version>${osdu.partition-core.version}</version>
+      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>org.opengroup.osdu</groupId>
@@ -54,12 +49,16 @@
    <dependency>
      <groupId>org.opengroup.osdu</groupId>
      <artifactId>os-core-common</artifactId>
-      <exclusions>
-        <exclusion>
-          <groupId>org.elasticsearch.client</groupId>
-          <artifactId>elasticsearch-rest-client</artifactId>
-        </exclusion>
-      </exclusions>
+    </dependency>
+
+    <!--
+    Many dependencies contain library with vulnerabilities: net.minidev:json-smart:jar:2.3
+    because of that we need to enforce the higher version
+    -->
+    <dependency>
+      <groupId>net.minidev</groupId>
+      <artifactId>json-smart</artifactId>
+      <version>${json-smart.version}</version>
    </dependency>

    <dependency>
@@ -86,38 +85,16 @@
    </dependency>

    <!-- Azure dependencies -->
-    <dependency>
-      <groupId>com.microsoft.azure</groupId>
-      <artifactId>azure-spring-boot-metrics-starter</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework.boot</groupId>
-      <artifactId>spring-boot-starter-log4j2</artifactId>
-    </dependency>
    <dependency>
      <groupId>com.microsoft.azure</groupId>
      <artifactId>azure-storage</artifactId>
      <version>8.6.5</version>
    </dependency>
    <dependency>
-      <groupId>com.microsoft.azure</groupId>
-      <artifactId>azure-active-directory-spring-boot-starter</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.microsoft.azure</groupId>
-      <artifactId>msal4j</artifactId>
+      <groupId>com.azure.spring</groupId>
+      <artifactId>azure-spring-boot-starter-active-directory</artifactId>
    </dependency>
    <!-- Other dependencies -->
-    <dependency>
-      <groupId>com.auth0</groupId>
-      <artifactId>jwks-rsa</artifactId>
-      <version>${jwks-rsa}</version>
-    </dependency>
-    <dependency>
-      <groupId>com.nimbusds</groupId>
-      <artifactId>nimbus-jose-jwt</artifactId>
-      <version>${nimbus-jose-jwt}</version>
-    </dependency>
    <dependency>
      <groupId>org.projectlombok</groupId>
      <artifactId>lombok</artifactId>

--- a/provider/partition-azure/src/main/java/org/opengroup/osdu/partition/provider/azure/security/AADSecurityConfig.java
+++ b/provider/partition-azure/src/main/java/org/opengroup/osdu/partition/provider/azure/security/AADSecurityConfig.java
@@ -14,7 +14,7 @@

 package org.opengroup.osdu.partition.provider.azure.security;

-import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
+import com.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

--- a/provider/partition-azure/src/main/java/org/opengroup/osdu/partition/provider/azure/utils/AuthorizationService.java
+++ b/provider/partition-azure/src/main/java/org/opengroup/osdu/partition/provider/azure/utils/AuthorizationService.java
@@ -14,12 +14,14 @@

 package org.opengroup.osdu.partition.provider.azure.utils;

-import com.microsoft.azure.spring.autoconfigure.aad.UserPrincipal;
+import com.azure.spring.autoconfigure.aad.UserPrincipal;
 import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;

+import java.util.Map;
+
 @Component
 public class AuthorizationService implements IAuthorizationService {

@@ -64,9 +66,10 @@ public class AuthorizationService implements IAuthorizationService {
     */
    private UserType getType(UserPrincipal u) {
        UserType type;
-        if (u.getUpn() != null) {
+        Map<String, Object> claims = u.getClaims();
+        if (claims != null && claims.get("upn") != null) {
            type = UserType.REGULAR_USER;
-        } else if (u.getUniqueName() != null) {
+        } else if (claims != null && claims.get("unique_name") != null) {
            type = UserType.GUEST_USER;
        } else {
            type = UserType.SERVICE_PRINCIPAL;

--- a/provider/partition-azure/src/main/resources/application.properties
+++ b/provider/partition-azure/src/main/resources/application.properties
 LOG_PREFIX=partition
 server.servlet.contextPath=/api/partition/v1
-logging.level.org.springframework.web=DEBUG
+logging.level.org.springframework.web=${partition_spring_logging_level:INFO}
 JAVA_OPTS=-Dserver.port=80
 server.port=8080
 springfox.documentation.swagger.v2.path=/api-docs
+PARTITION_API=

 #logging configuration
 logging.transaction.enabled=true

--- a/provider/partition-azure/src/test/java/org/opengroup/osdu/partition/provider/azure/security/AADSecurityConfigTest.java
+++ b/provider/partition-azure/src/test/java/org/opengroup/osdu/partition/provider/azure/security/AADSecurityConfigTest.java
@@ -14,10 +14,9 @@

 package org.opengroup.osdu.partition.provider.azure.security;

-import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
-import com.microsoft.azure.spring.autoconfigure.aad.UserPrincipalManager;
+import com.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
+import com.azure.spring.autoconfigure.aad.UserPrincipalManager;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.opengroup.osdu.partition.api.PartitionApi;

--- a/provider/partition-azure/src/test/java/org/opengroup/osdu/partition/provider/azure/security/WhoamiControllerTest.java
+++ b/provider/partition-azure/src/test/java/org/opengroup/osdu/partition/provider/azure/security/WhoamiControllerTest.java
@@ -14,12 +14,13 @@

 package org.opengroup.osdu.partition.provider.azure.security;

+import com.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
+import com.azure.spring.autoconfigure.aad.UserPrincipalManager;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.junit4.PowerMockRunner;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
@@ -36,9 +37,6 @@ import org.springframework.web.context.WebApplicationContext;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

-import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
-import com.microsoft.azure.spring.autoconfigure.aad.UserPrincipalManager;
-
 @RunWith(SpringRunner.class)
 @PrepareForTest(SecurityContextHolder.class)
 @SpringBootTest(classes = {WhoamiController.class, AADSecurityConfig.class,

--- a/provider/partition-azure/src/test/java/org/opengroup/osdu/partition/provider/azure/utils/AuthorizationServiceTest.java
+++ b/provider/partition-azure/src/test/java/org/opengroup/osdu/partition/provider/azure/utils/AuthorizationServiceTest.java
@@ -14,7 +14,7 @@

 package org.opengroup.osdu.partition.provider.azure.utils;

-import com.microsoft.azure.spring.autoconfigure.aad.UserPrincipal;
+import com.azure.spring.autoconfigure.aad.UserPrincipal;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.JWSObject;
@@ -69,7 +69,7 @@ public class AuthorizationServiceTest {
                .build();
        final JWSObject jwsObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).build(),
                new Payload(jwtClaimsSet.toString()));
-        return new UserPrincipal(jwsObject, jwtClaimsSet);
+        return new UserPrincipal("token", jwsObject, jwtClaimsSet);
    }

    private DummyAuthToken createSAuthToken(final String email, final String appcode) {

--- a/provider/partition-gcp/pom.xml
+++ b/provider/partition-gcp/pom.xml
@@ -10,7 +10,6 @@
  </parent>

  <artifactId>partition-gcp</artifactId>
-  <version>0.9.0-SNAPSHOT</version>
  <description>Partition service on GCP</description>
  <packaging>jar</packaging>

@@ -19,12 +18,11 @@
    <dependency>
      <groupId>org.opengroup.osdu</groupId>
      <artifactId>partition-core</artifactId>
-      <version>0.9.0-SNAPSHOT</version>
+      <version>${project.version}</version>
    </dependency>
    <dependency>
      <groupId>org.opengroup.osdu</groupId>
      <artifactId>os-core-common</artifactId>
-      <version>0.3.28</version>
    </dependency>

    <dependency>

--- a/provider/partition-ibm/pom.xml
+++ b/provider/partition-ibm/pom.xml
@@ -15,7 +15,6 @@

    <modelVersion>4.0.0</modelVersion>
    <artifactId>partition-ibm</artifactId>
-    <version>0.9.0-SNAPSHOT</version>
    <description>Partition service on IBM</description>
    <packaging>jar</packaging>

@@ -33,7 +32,7 @@
        <dependency>
            <groupId>org.opengroup.osdu</groupId>
            <artifactId>partition-core</artifactId>
-            <version>0.9.0-SNAPSHOT</version>
+            <version>${project.version}</version>
        </dependency>